IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#ls2
/2022/03/10
@eyedeekay
+R4SAS
+RN
+RN_
+T3s|4
+Xeha
+acetone
+orignal
+weko
Irc2PGuest5995
Irc2PGuest89954
Leopold_
Onn4l7h
Onn4|7h
T3s|4_
aargh2
anon2
eyedeekay_bnc
hk
not_bob_afk
profetikla
shiver_
u5657
x74a6
eyedeekay Just working out the differences between approaches to a SAM session confirmation popup, and as far as I can tell, when the popup needs to happen could be seen in 3 ways
eyedeekay 1: A one-time popup during the HELLO phase which then allows the app to do subsequent SAM operations
eyedeekay 2: A one-time popup during the SESSION phase which then allows the app to do subsequent operations on the session
eyedeekay 3: A popup during the operations that are potentially useful to malware
eyedeekay but the problem with 2: and 3: is that LOOKUPs can happen between the HELLO and SESSION phases
eyedeekay and if malware is interested in figuring out information about your I2P router for identification purposes, it might do a LOOKUP for an extensive list of registered domains to see which ones you have stored
eyedeekay which they could treat like a profile of sites that you often visit
eyedeekay So in the case of 2, you don't protect against this kind of attack at all, and in the case of 3, you barely protect against it because you either
eyedeekay 1: Pop up the "authorize lookup" dialog every time or
eyedeekay 2: Pop the dialog on the first one and authorize every subsequent lookup
eyedeekay So I'm not sure, but I *think* that 1: A one-time popup during the HELLO phase which then allows the app to do subsequent SAM operations is the cleanest way to do it that does what it needs to, IMO